Kaspersky Lab experts responded to a group of cyber theft cases targeting financial institutions in Eastern Europe. There searchers found that in eachcase, corporate networks were accessed by an unknown device controlled by the attackers. These networked devices were sneaking into company buildings. To date, eight banks in there gion have been attacked by this method. Tens of millions of dollarswerelost as a result of the attacks. Once the connection is established, the cyber criminals try to access the web servers to steal the necessary data from a particular computer via there mote desktop protocol. Then they commit data theft. This file less attack method uses the remote launch toolkits Impacket, winexesvc.exe, and psexec.exe. Inthe final stage, attackers use remote control software to protect their access to the computer they have seized.

What needs to be done to prevent such attacks;

• Physical security systems should be given importance.

• More attention should be paid to monitoring connected devices and accessing the corporate network.

• Network, Security devices in the environment must be positioned correctly.

• Environmental Monitoring and Control Systems, in the simplest sense, should pay attention to monitor certain parameters of the values required.

• Psexec, script etc. In order to prevent the commands from being executed by the end user, the necessary policies must be activated.